| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
|---|---|
| To: | Greg Stark <gsstark(at)mit(dot)edu> |
| Cc: | Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: New types for transparent encryption |
| Date: | 2009-07-07 09:27:12 |
| Message-ID: | 4A5314F0.3040401@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greg Stark wrote:
> On Tue, Jul 7, 2009 at 10:09 AM, Heikki
> Linnakangas<heikki(dot)linnakangas(at)enterprisedb(dot)com> wrote:
>> What kind of attacks would this protect against? Seems a bit pointless
>> to me if the password is being sent to the server anyway. If the
>> attacker has superuser access to the server, he can harvest the
>> passwords as the clients send them in. If he doesn't, the usual access
>> controls with GRANT/REVOKE would be enough.
>
> It would still protect against offline attacks such as against backup files.
True, but filesystem-level encryption handles that scenario with less pain.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | tomas | 2009-07-07 10:17:26 | Re: New types for transparent encryption |
| Previous Message | Kedar Potdar | 2009-07-07 09:26:51 | Re: Patch for automating partitions in PostgreSQL 8.4 Beta 2 |